CVE ID | Severity | CWE / Weakness Type | Date Published | Date Updated |
---|---|---|---|---|
CVE-2024-350 | Medium | CWE-200 Exposure of Sensitive Information to an Unauthorized Actor | 11 Apr 24 | 11 Apr 24 |
Description
JFrog Artifactory Self-Hosted versions prior to 7.77.3 are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments.
Severity
Medium
Affected Products
Product | Affected Version | Patched Version |
---|---|---|
Artifactory Self-Hosted | < 7.77.3 | 7.77.3 |
How to Fix
Cloud environments: Cloud environments are not affected by this issue.
Self-Hosted environments: To fix this issue, take the following action. Upgrade your version of Artifactory to one of the versions listed below.
Product | Version | Links |
---|---|---|
Artifactory (7.x) | 7.77.3 or later (Self-Hosted) |
Workarounds and Mitigations
None
Acknowledgements
This issue was discovered and reported by a JFrog customer.